Overview

overview

8

Static

static

3

589a084f65...96.exe

windows7-x64

589a084f65...96.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/01/2024, 09:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    589a084f657e117cad51098efecc4396.exe

  • Size

    705KB

  • MD5

    589a084f657e117cad51098efecc4396

  • SHA1

    d3aba924226f16489714ff82818f0ca72edcdd99

  • SHA256

    635ff967e4b35b958a7d85141dbd6ac4c6bc6c09cd99c274b1a7e3d9fc673ce3

  • SHA512

    18570d3b379572d9a801ca269d4bacb65f52e66a60bfcab6955d546d89841d74fbf30be5322db47675ae783670d2dc5fec1245e1889094aad884c1e1715be111

  • SSDEEP

    12288:NDJnJM4OpSpnO8kTflYcS4RaEnam/OJMe/bGQJ3by53Y9:1JnJM4OqTW95SYaix/OJb/bl3e5I9

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 6 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 25 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\589a084f657e117cad51098efecc4396.exe
    "C:\Users\Admin\AppData\Local\Temp\589a084f657e117cad51098efecc4396.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1640
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:1600
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:5104
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:220
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4020
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2180
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3700
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:3532

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
            Filesize

            613KB

            MD5

            e1a71c00709c9b8a7e2e9f347ca3a426

            SHA1

            7ce58e0a9ad453198876f276871cf3f47755d7f4

            SHA256

            d11697e828230304d49732ab88e84dfe3fe067f8ec2f3528fae71c649db83759

            SHA512

            7b665049e1cccabde58f6b22887bdf6e10d5902e6ac1b04466efe008ab91fea472daa8c519129e6dd0f03c64af1a8a0b04802f683dd1e7892ce2b74058890a43

            Download Submit

          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
            Filesize

            2.0MB

            MD5

            0155014ea703972056c7f68a0ba54250

            SHA1

            ef85598543c15fea64086e953581e8eb1460c9c6

            SHA256

            2b08a2697fa98d991ace93e9df51e88677ae05ed08544d1b88bf05c71c931a5e

            SHA512

            a1f6c5f029ed51539d2ed376c6bcb8ec3d7f1727463b46650f3eb9635e095b370c12a2bc8b37b08c1edd888e69654305acc2f14bff31dc88e5926d24720c5b8b

            Download Submit

          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\kddmqjlj.tmp
            Filesize

            1.4MB

            MD5

            f68a164568cdf964a7c859b0b8ca52ac

            SHA1

            14d878fee8f09cbe5c614ddd8c3ca052167bbe7f

            SHA256

            52b633a4766996147236ee630c321c2e89ed4122580b00fe07f5104ce048ba78

            SHA512

            e3ef64b2967cff1e104f4ac44c3de5a8cf77d19f7e4a5c0ba7463c4e05921207b6cf6e08409839ee68bb22dae216eae20d1ee7f71c01489f95822bbd2b29fff3

            Download Submit

          • C:\Users\Admin\AppData\Local\obcemiqk\cmd.exe
            Filesize

            678KB

            MD5

            66744609d63439e14e43c1edc5b07ed8

            SHA1

            0493134b5c329b83cf86df758b08cdd8f829f17a

            SHA256

            c18c7e6bf9f2048ec5ad106e40cf1e688472b44691d97cefa3a5ea216ec98f1d

            SHA512

            e0378530b32069beecf77079accfadcbd5598e1523b38972e59d094a0c4034aeca174a1d180ab31639bfc45c1edaf3477a0e6fb488820983c971808564ad2483

            Download Submit

          • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
            Filesize

            487KB

            MD5

            c06e713b195df3e778dcb918a3267afd

            SHA1

            cde7f082f89f37063be8373b1a12e8940cb2c5cd

            SHA256

            a57c5b8535156482799d298075cf1f4e3b420bbf018d0a8093c622b6f29aaa7d

            SHA512

            118d7d01371207fba471a92d4b628254d0b633992eb4a086e622f634a7560875f7ea49376de3eedd630fac2aaa70a261461605c81e4c3bb05176f0864d1e19d0

            Download Submit

          • C:\Windows\System32\FXSSVC.exe
            Filesize

            1.0MB

            MD5

            f9ed65af278b1535565f83c89ee4a17d

            SHA1

            718b3f207a5e6fd5e7b5d22d5418b89acd4a23d8

            SHA256

            a581be237fb700a41c53289aab6d85c26b05e1a8f68fd970f941f063091169a4

            SHA512

            6c9d37a4765dca6352da0f4feb5157ade0d86f969c8b4da19261a71736db12209d42913612068756aa6306aa4d0dbb90348e70fdcebbd0b8813da3017104b58c

            Download Submit

          • C:\Windows\System32\alg.exe
            Filesize

            489KB

            MD5

            6eaacc3a2415432c3024f8793a6ce6d8

            SHA1

            fd578f1003ce7eb56253bfbbb3346eda4dd63256

            SHA256

            bcec5f6a6072c059dce64d4d2fe50ffe62c2003f4904b1ebc2bc8cc05c390df4

            SHA512

            a54b6a2302ca4e119bedb5a454706826ce841d335bda996a161f6880aa9eaf732e3c2c23b26494bcebdbf0036932f40fa9c43938a83d48e6176012bf58f92b0b

            Download Submit

          • C:\Windows\System32\msdtc.exe
            Filesize

            540KB

            MD5

            0960d48c5e46b022b381653b57af6d46

            SHA1

            4e1cb6b4044fa69cef93575096afab8c4da7cf58

            SHA256

            b902637c1e4e72e824f00e927a5d4d0fdefacddd1d10ea3166b8d7fdfcb7aa54

            SHA512

            e5575e2fbc40b27324039d4981d4d984227ffc43029284753622f985177d6bc7fa2c46a76c7fb02829f070e9dc65ad4e53f38586a963af66fd61a4126e22cc7e

            Download Submit

          • \??\c:\program files\common files\microsoft shared\source engine\ose.exe
            Filesize

            637KB

            MD5

            da72ed563559e582f64c9fa1face94de

            SHA1

            4709aa4234d8de855cf120583216dcb7ca04a250

            SHA256

            c0814a6feef239229a19dd1e1ccac6aa2b244db1d2dce8b6f97298e0c397243b

            SHA512

            6bbe138b9328a8bba80c98df0ab9e353d45f49ef072126c1ba1a5d86ff778d292d25a6d1e3491275003a16ac96bea93a32c0c4bbbc78d917668301f611839a8b

            Download Submit

          • \??\c:\program files\google\chrome\Application\106.0.5249.119\elevation_service.exe
            Filesize

            1.1MB

            MD5

            4ba8aa8a9fd9bd4554703bc9ed7741c4

            SHA1

            e83e695a0f1caf2991e29a9541e1fddfad73d8a2

            SHA256

            e8e3b0fca75e8832529bbb75e0b4b6f3907290270a5bdf1bc5c8856f3d0a5803

            SHA512

            c20698ed85392be52554ff5c56a7c494737bbc363e00569d341c173e94cbed89e1182248fa2e8ccb6c21417053d6a48c5674595067fc75c11209a70afa474378

            Download Submit

          • \??\c:\windows\system32\Appvclient.exe
            Filesize

            1.1MB

            MD5

            9ff2f7a7a149a9f75ddfb626fb1b0f18

            SHA1

            c9feba9f4f90dfee52c74bfd47c8595060bb3689

            SHA256

            a0775008339b30e61b72659327958f24123703dde51fb37ff7299399922180cd

            SHA512

            d64abc5b1064cb72b26bce663c11f6e03ac5961aaf0851290a8e1e315e37673fc49dd6451855eef0d9b39bf6246e625bb19789617f2d26f6b7a232c24f96dedc

            Download Submit

          • memory/1600-24-0x00007FF70A010000-0x00007FF70A0E3000-memory.dmp

            Filesize

            844KB

            Download

          • memory/1600-17-0x00007FF70A010000-0x00007FF70A0E3000-memory.dmp

            Filesize

            844KB

            Download

          • memory/1600-86-0x00007FF70A010000-0x00007FF70A0E3000-memory.dmp

            Filesize

            844KB

            Download

          • memory/1640-0-0x00007FF712040000-0x00007FF712149000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/1640-23-0x00007FF712040000-0x00007FF712149000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/1640-2-0x00007FF712040000-0x00007FF712149000-memory.dmp

            Filesize

            1.0MB

            Download

          • memory/2180-108-0x00007FF660D20000-0x00007FF660F81000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/2180-50-0x00007FF660D20000-0x00007FF660F81000-memory.dmp

            Filesize

            2.4MB

            Download

          • memory/3532-76-0x00007FF7A28A0000-0x00007FF7A2982000-memory.dmp

            Filesize

            904KB

            Download

          • memory/3532-114-0x00007FF7A28A0000-0x00007FF7A2982000-memory.dmp

            Filesize

            904KB

            Download

          • memory/3700-64-0x00007FF6E4B20000-0x00007FF6E4C14000-memory.dmp

            Filesize

            976KB

            Download

          • memory/3700-63-0x00007FF6E4B20000-0x00007FF6E4C14000-memory.dmp

            Filesize

            976KB

            Download

          • memory/4020-40-0x00007FF647370000-0x00007FF6474CF000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/4020-48-0x00007FF647370000-0x00007FF6474CF000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/5104-87-0x00007FF748440000-0x00007FF748512000-memory.dmp

            Filesize

            840KB

            Download

          • memory/5104-32-0x00007FF748440000-0x00007FF748512000-memory.dmp

            Filesize

            840KB

            Download